<?php

/**
 * Client_OpenID_Configuration sets up configuration variables for this OpenID
 * client.
 *
 * This includes setting up the trust lists as well as the profile data to be
 * transferred at registration and (optionally) synchronised with the server
 * at each login.
 *
 * Trust Lists
 *
 * add_to_green_list, add_to_yellow_list and add_to_red_list set up the 
 * trust lists.
 *
 * OpenIDs on the green list are completely trusted and all profile data provided
 * is written to the local database.
 *
 * OpenIDs on the yellow list are not completely trusted. In particular, email
 * addresses must be confirmed through an email message sent to the user before
 * the account is created.
 *
 * OpenIDs on the red list are not trusted and are blocked.
 *
 * You can use '*' as a wildcard character when specifying OpenIDs in the green,
 * yellow or red lists.
 *
 * If an OpenID appears on more than one trust list, then the red list followed
 * by the yellow list is given priority.
 *
 * As an example, to set up your OpenID client to allow any OpenIDs but require
 * confirmation for all email addresses, simply specify:
 *
 * $this->trust->add_to_yellow_list('*');
 *
 * below.
 *
 * Profile Fields
 *
 * add_field($client_field_name,$openID_extension, $openID_field) adds a profile field.
 * Once a profile field is added, various parameters can be set using:
 *
 * set_label:				sets the public phrase used to describe this field in forms
 * required:				this value is required for registration
 * set_client_transform:	used to convert a server value to a client value
 * set_display_transform:	used to convert a client value to a display value
 * set_sync_type: 			auto (automatic for this field),
 *							user (left up to the user to decide), or 
 *							none (no syncing for this field)
 *
 * Missing Fields
 *
 * If a profile field is set to required and is not provided by the OpenID server at
 * registration time, a form is presented asking the user to provide this information.
 *
 * Email addresses provided by the user on a form are never trusted. If an email
 * message is required and is provided by the user instead of an OpenID server, then the
 * OpenID client sends a confirmation message to the user and the user must click on a
 * link in the message before the account is activated.
 *
 * If your system has its own mechanism for dealing with missing registration data,
 * don't make any of the fields listed here required. When the user attempts
 * to login with the missing data, your system can then respond appropriately.
 *
 * Profile Synchronisation
 *
 * If the OpenID client notices at login that a profile field on the client has a
 * different value than the one on the server, it will react differently depending on
 * the situation:
 *
 * If the sync_type for the field is set to 'auto', then the client will automatically 
 * update the client field with the new server information (except possibly for
 * email addresses - see below).
 *
 * If the sync_type for the field is set to 'user', then the client will present a form
 * to the user at login showing the values that differ and asking the user to tick
 * check boxes next to the information that they want to update. As this could become
 * tedious for users who deliberately want to maintain different values on your client
 * system, the same form has a tick box to turn off synchronisation for user-synchronised
 * fields for that user.
 *
 * If the sync_type is set to 'none', then the difference between the values will be
 * ignored for that field.
 *
 * Email addresses are treated slightly differently. If the email address is empty,
 * syntactically invalid or already in use by another user, the OpenID client will 
 * reject it. If the OpenID is on the yellow trust list, the OpenID client will
 * ask the user to confirm a changed address before updating the client system.
 *
 * If the sync_status is set to 'auto' for an email address on a yellow server,
 * and the email address changes on the server, the OpenID client will not trust
 * the new address. By default, it will automatically send a email change
 * confirmation message to the user but will log the user in anyway (keeping the
 * old address until the user confirms the new address). If you want to lock the
 * user out until he/she has confirmed the email address change, set
 * $this->lock_out_on_email_change to true.
 *
 *
 * Notes:
 *
 * By default, the only defined client transformations are 'upper' and 'lower' to
 * convert server values into upper or lower case respectively before they are
 * stored on the client system or compared to client values. You can add more client
 * transformations by extending Client_OpenID_System_Moodle::client_transform.
 *
 * By default, no display transformations are provided. You may wish to add some (for example,
 * a 'country' transformation could convert an ISO 3166-1 country code into a country name).
 * You can add display transformations by extending Client_OpenID_System_Moodle::display_transform.
 *
 * Client_OpenID_System_Moodle::set_field and Client_OpenID_System_Moodle::get_field are used to save
 * and retrieve the profile information for your system.
 *
 */
 
Class Client_OpenID_Configuration {
	// must extend for a real application
}
 
Class Client_OpenID_Configuration_Moodle extends Client_OpenID_Configuration {
	function Client_OpenID_Configuration_Moodle ($trust,$profile) {
		global $CFG,$SITE;
		
		$this->sys = $profile->sys;
		$this->trust = $trust;
		$this->prf = $profile;
		
		// wwwroot must always end in a slash
		// since this is not true for Moodle, add one		
		$this->wwwroot = $CFG->wwwroot.'/';
		
		$this->sitename = $SITE->fullname;
		
		// If the default server is set and the user enter a bare
		// account name with no dots, then the OpenID client attempts to
		// generate a full OpenID url using the default server string
		// (which should include '%s' to show where the bare account name
		// should be inserted.
		// 
		// Note that you cannot set the default server to a server
		// that allows dots in its account names.
		
		$this->default_server = $this->sys->get_config('default_server');
		
		// lock_out_on_email_change is explained above
		$this->lock_out_on_email_change = $this->sys->get_config('lock_out_on_email_change');
		
		// the OpenID server redirects to the following URL and appends 
		// the information required for login to the query string
		$this->return_url = $this->wwwroot.'mod/openid_client/return.php';
		$this->confirm_url = $this->wwwroot.'mod/openid_client/confirm.php';
		
		// set up the trust lists

		// $this->trust->add_to_green_list('http://yourserver.com/*');
		$this->trust->add_to_yellow_list('http://*.myopenid.com/');
		$this->trust->add_to_yellow_list('*');
		
		// set up the profile fields

		$f = new Client_OpenID_Profile_Field('email','sreg','email');
		$f->set_label($this->sys->t('emailLabel'));
		$f->required();
		$f->set_sync_type('user');
		$this->prf->register($f);		
		
		$f = new Client_OpenID_Profile_Field('name','sreg','fullname');
		$f->set_label($this->sys->t('nameLabel'));
		$f->required();
		$f->set_sync_type('none');
		$this->prf->register($f);
		
		$f = new Client_OpenID_Profile_Field('country','sreg','country');
		$f->set_label($this->sys->t('countryLabel'));
		$f->set_sync_type('user');
		$f->set_client_transform('upper');
		$f->set_display_transform('country');
		$this->prf->register($f);	
		
		$f = new Client_OpenID_Profile_Field('lang','sreg','language');
		$f->set_label($this->sys->t('languageLabel'));
		$f->set_sync_type('user');
		$f->set_client_transform('lower');
		$this->prf->register($f);
		
		$this->sys->log_array('Client_OpenID_Configuration_Moodle, client fields',$this->prf->client_fields);
		
	}
}

?>
